X-Git-Url: http://git.silc.fi/gitweb/?a=blobdiff_plain;f=TODO;h=65b6a4e92497711c93c08d8995a97419db3f204e;hb=57af98efbd82c4c89c81850f42b02585fed1a16a;hp=e1c30b328f58a8ef9a9a301eb2113f60a1b252a8;hpb=c257b555225193e54d85daf541d29578b3c93882;p=crypto.git diff --git a/TODO b/TODO index e1c30b32..65b6a4e9 100644 --- a/TODO +++ b/TODO @@ -1,54 +1,221 @@ -TODO for SILC Client 1.0 branch -=============================== +TODO for 1.2 And Beyond +======================= - o Bugs reported on the mailing list that will be fixed eventually. - The numbers are arbitrary and assigned by me (c0ffee), bugs in - parentheses are fixed. +NOTE: Any item that doesn't have (***DONE) in it, isn't done yet. The +(***TESTING NEEDED) means that the item has been done but not yet properly +tested. - (#1 Ignore ALL doesn't ignore target using /me) - #2 specification of the silc network - (#3 expired private key dialogue doesn't work) - #4 silc client allows setting non-utf8 topics - #5 SILC-client displaying wrong totals with /names +NOTE: A TODO entry does not mean that it is ever going to be done. Some +of the entries may be just ideas, good, bad or ugly. If you want to work +on some of the TODO entries simply let us know about it by dropping a note +to silc-devel mailing list or appear on 'silc' channel on SILCNet. -TODO for SILC Server 1.0 +Crypto Library, lib/silccrypt/ +============================== + + o SilcHmac must be replaced with generic SilcMac so that we can add + others than just HMAC algorithms. Backwards support (via #define's) + must be preserved. + + o Change the DSA implementation to support FIPS186-3. This means that + the q length is determined by the key length. Also note that specific + hash functions must be used with different q lengths. + + o AES CBC is missing proper alignment code (see silc_1_1_branch). + + o The asynchronous functions to perhaps to _async to preserve backwards + compatibility with synchronous versions, and make easier to migrate + from 1.1 to 1.2. + + o Do GCC vs ICC benchmarks of all key algorithms. + + o silc_pkcs_public_key_alloc should accept also SILC_PKCS_ANY as argument + and try all supported PKCS until one succeeds (ala load_public_key). + + o Add fingerprint to SilcSILCPublicKey and retrieval to silcpk.h, and + possibly to silcpkcs.h. + + /* Return fingerprint of the `public_key'. Returns also the algorithm + that has been used to make the fingerprint. */ + const unsigned char * + silc_pkcs_get_fingerprint(SilcPublicKey public_key, + const char **hash_algorithm, + SilcUInt32 *fingerprint_len); + + o Add DSA support to SILC public key. + + o Global RNG must be changed to use SILC Global API. + + o Add silc_crypto_init and silc_crypto_uninit. The _init should take + SilcStack that will act as global memory pool for all of crypto + library. It should not be necessary anymore to separately register + default ciphers, HMACs, etc, the _init would do that. However, if + user after _init calls silc_pkcs_register, for example, it would take + preference over the default once, ie. user can always dictate the + order of algorithms. (***DONE) + + o Change SILC PKCS API to asynchronous, so that accelerators can be used. + All PKCS routines should now take callbacks as argument and they should + be delivered to SilcPKCSObject and SilcPKCSAlgorithm too. (***DONE) + + o Change PKCS Algorithm API to take SilcPKCSAlgorithm as argument to + encrypt, decrypt, sign and verify functions. We may need to for exmaple + check the alg->hash, supported hash functions. Maybe deliver it also + to all other functions in SilcPKCSAlgorithm to be consistent. (***DONE) + + o Add DSS support. (***DONE) + + o Implement the defined SilcDH API. The definition is in + lib/silccrypt/silcdh.h. Make sure it is asynchronous so that it can + be accelerated. Also take into account that it could use elliptic + curves. + + o All cipher, hash, hmac etc. allocation routines should take their name + in as const char * not const unsigned char *. (***DONE) + + o Add ECDSA support. + + o Add ECDH support. + + +SKR Library, lib/silcskr/ +========================= + + o Add fingerprint as search constraint. + + o Add SSH support. (***DONE, TESTING NEEDED) + + o Add OpenPGP support. Adding, removing, fetching PGP keys. (Keyring + support?) + + o Add support for importing public keys from a directory and/or from a + file. Add support for exporting the repository (different formats for + different key types?). + + o Change the entire silc_skr_find API. Remove SilcSKRFind and just simply + add the find constraints as variable argument list to silc_skr_find, eg: + + silc_skr_find(skr, schedule, callback, context, + SILC_SKR_FIND_PUBLIC_KEY, public_key, + SILC_SKR_FIND_COUNTRY, "FI", + SILC_SKR_FIND_USAGE, SILC_SKR_USAGE_AUTH, + SILC_SKR_FIND_END); + + NULL argument would be ignored and skipped. + + o Add OR logical rule in addition of the current default AND, eg: + + // Found key(s) MUST have this public key AND this country. + silc_skr_find(skr, schedule, callback, context, + SILC_SKR_FIND_RULE_AND, + SILC_SKR_FIND_PUBLIC_KEY, public_key, + SILC_SKR_FIND_COUNTRY, "FI", + SILC_SKR_FIND_END); + + // Found key(s) MUST have this public key OR this key context + silc_skr_find(skr, schedule, callback, context, + SILC_SKR_FIND_RULE_OR, + SILC_SKR_FIND_PUBLIC_KEY, public_key, + SILC_SKR_FIND_CONTEXT, key_context, + SILC_SKR_FIND_END); + + o SilcStack to SKR API. + + +SILC Accelerator Library ======================== - o BUG: silc_idlist_del_client had been called but sock->user_data remained - and pointed to invalid pointer. Where it was called is not known. + o Diffie-Hellman acceleration + + o SILC Accelerator API. Provides generic way to use different kind of + accelerators. Basically implements SILC PKCS API so that SilcPublicKey + and SilcPrivateKey can be used but they call the accelerators. + (***DONE) + + o Implement software accelerator. It is a thread pool system where the + public key and private key operations are executed in threads. + (***DONE) + + o Add SilcCipher support to SilcAccelerator and software accelerator. + Accelerate at least ciphers using CTR mode which can be done in + parallel. Do it in producer/consumer fashion where threads generate + key stream and other thread(s) encrypt using the key stream. (***DONE) + + +lib/silcmath +============ + + o Prime generation progress using callback instead of printing to + stdout. + + o All utility functions should be made non-allocating ones. + + o Import TFM. We want TFM's speed but its memory requirements are + just too much. By default it uses large pre-allocated tables which + will eat memory when there are thousands of public keys in system. + We probably want to change TFM. (***DONE) + + o Add AND, OR and XOR support to TFM. (***DONE) + + o The SILC MP API function must start returning indication of success + and failure of the operation. (***DONE) + + o Do SilcStack support for silc_mp_init, silc_mp_init_size and other + any other MP function (including utility ones) that may allocate + memory. (***DONE) + + +lib/silcasn1 +============ + + o Negative integer encoding is missing, add it. + + o SILC_ASN1_CHOICE should perhaps return an index what choice in the + choice list was found. Currently it is left for caller to figure out + which choice was found. (***DONE) + + o SILC_ASN1_NULL in decoding should return SilcBool whether or not + the NULL was present. It's important when it's SILC_ASN1_OPTIONAL + and we need to know whether it was present or not. (***DONE) + + +lib/silcpgp +=========== + + o OpenPGP certificate support, allowing the use of PGP public keys and + private keys. + + o Signatures for data, public keys and private keys (Signature packet). - o Basic UTF-8 stringprep profile that makes sure UTF-8 strings are - as defined in spec-08 section 3.13. + o Signature verification from public keys, private keys and other signed + data (Signature packet). - o Server sometimes connects more than once to router and keeps - connecting even though connection exists. + o Encryption and decryption support (Packet tags 8 and 18 most likely). - o Testing + o Retrieval of User ID from public key and private key (Used ID packet + and User Attribute packet). + o Creation of OpenPGP key pairs. -TODO/bugs In SILC Libraries -=========================== + o Trust packet handling (GNU PG compatible) from public and private keys. - o Test cases for all payload encoding and decoding routins in lib/silccore/ + o Add option that the signature format doesn't use the OpenPGP format + but whatever is the default in SILC crypto library. - o Test cases for math library routines in lib/silcmath/ - o Implement new version of SFTP protocol (missing versions 4 and 5, we - have version 3). +lib/silcssh +=========== + o Add option that the signature format doesn't use the SSH2 protocol + but whatever is the default in SILC crypto library; + silc_ssh_private_key_set_signature_type, or something. -TODO in Toolkit Documentation -============================= + o SSH2 public key/private key support, allowing the use of SSH2 keys. + RFC 4716. (***DONE) -Stuff that needs to be done in order to complete the Toolkit Reference -Manual (Do these to 0.9.x). - o Write "Programming with Toolkit" document, describing how to build - Toolkit, how the build system works, where is everything, how - new (external) projects can be glued into Toolkit (use irssi as an - example), and how external projects can use Toolkit without gluing into - it (how to link etc), debugging, architecture, types, etc. +lib/silcpkix +============ - o Searching of predefined keywords, exact and partial matches (would be - nice). + o PKIX implementation